Customization and Configuration in Salesforce

Welcome back to the Salesforce Admin Certification workshop on Day 2. in this session/post we will cover Customization and Configuration in Salesforce which covers 20% of Salesforce Admin Certification. The following are the main topics which cover in this section.

  • Company Setup
  • User Setup
  • Security Setup
  • UI Setup
  • Custom Profile and Permission Sets

Company Setup

Company Information Shows all the essential information related to the company. You can also manage your licenses and entitlements. This page contains the information provided when your company signed up with Salesforce.

Company Setup in Salesforce

Fiscal Year

  • Standard fiscal year
  • Custom fiscal year (once enabled, can not be disabled)
  • Used in forecast reports

Business Hours:

  • Define the working hours for the support team.
  • If the organization does not work daily, put blank hours for it.


Holidays define a date and time on which businesses are suspended. A recurring holiday can be set. If we set a regular holiday for each month, the holiday will not be created if that date does not occur. Holidays can be assigned within business hours. We can associate 1000 holidays with each set of business hours.

User Setup

User Creation

  • Human vs non-human user
  • A license is required for user creation. (1 License = 1 User)
  • We need to define the profile and role of the user.
  • One user can have only one role and one profile.
  • The user can not be deleted.
  • Ten users can be created using the add multiple user button. No matter if we have more licenses available.

Login History

  • A place to see all the login attempts of the user.
  • If a user complains about not being able to log in, login history is 1st place to check if a user is an active user.

User Deactivate/Freeze

Sometimes if we do not want a user to login into Salesforce we can deactivate or freeze the user. In both, the user will not be able to log in.

  • Freeze users only disable the user from logging in.
  • Deactivation of the user will release the license, and we can use that license to create another user.
  • Sometimes, we can not deactivate a user, eg.
    • Default owner of leads
    • Default or automated case owner
    • Default lead creator or owner
    • Default workflow user
    • Recipient of workflow email alert
    • A user selected in custom hierarchy field

Security Setup

Choosing the data set each user or group of users can see is one of the key decisions that affect the security of your Salesforce org or app. Once you’ve designed and implemented your data model, think about the kinds of things your users are doing and the data they need to do it. Here is a list of all the options with which we can control the security in Salesforce.

  • Profile
    • Object permission
    • Field Permission
    • Tab visibility
    • Login Hours
    • Login IP Ranges
  • Permission Set
  • Public Group 
  • Roles


Profile: It is a collection of settings and permissions that a user can do in Salesforce. The following type of permission can be managed under the profile.

  • APP Permission:
  • Tab visibility: 
    • Default on 
    • Default off
    • Tab hidden
  • Object permission: Which object can a user see and what action can be performed?
  • Field Permission: Which fields can the user see/edit after accessing that object? 
  • Login Hours: We can set the hours when a user can log into
  • Login IP Ranges: 
    • We can set the allowed IP’s from which login is allowed.
    • Login from any other IP’s will not be allowed.
    • Do not set this for System admin profile.
    • We can set a range of IP’s.
  • System permission:
    • Export Report
    • View All Data
    • Modify All Data
    • Transfer Case/Leads
    • Password Never Expires

Password Policies: We can specify the company’s password requirement.

  • Can be set at the organisation level or profile level.
  • Profile level password policy overrides the org-wide password policy.

Profile vs Permission Set

Permission Set: Permission set extends the user’s access without making changes to the profile

ProfilePermission Set
We can restrict user access from here.Multiple permission sets can be assigned to the user.
Login Hours/Login IP ranges can be managedIt is always used for extending the access.
Record Type(default)/Page Layout can be assignedRecord Type(Default)/Page layout can not be assigned.
Login Hours/Login IP ranges can’t be managedLogin Hours/Login Ip Ranges can’t be managed
Password Policies can be setPassword Policies can’t be set

Record level Security

Organization-Wide Default

  • Used when we want to restrict the record-level access of any object
  • We can set different org wides for different object.
  • We have following options to set.
    • Private (By default record will be visible to owner only)
    • Public read only (record will be visible to all users with read only access)
    • Public read/write
    • Public read/write/transfer (Lead/Case)
    • Controlled by parent
  • If an object is on detail side of master detail relationship, it’s org wide will be controlled by parent.
  • We use it to restrict the access. Serval other options are available to open up access.

Role Hierarchy

  • User can edit, view and report on data owned by him or any user below them in the role hierarchy.
  • User can edit, view and report on data shared with them or any user below him in role hierarchy.
  • Grant Access Using Hierarchies can only be disabled for custom objects only.
  • It can not restrict the access given by Org-wide default.

Sharing Rule

  • Sharing rule can be used to share record with public group, role (not falling in role hierarchy.
  • It can not restrict the access given by Org wide default.
  • We can select the records to be shared by owner of records or criteria.
  • 300 Sharing rule can be defined for each object.
  • 50 Criteria based sharing rule can be set. (falls under 300)

Manual Sharing

  • Record can manually be shared with user, by clicking Share button on record detail page.
  • User should be 1 of following to provide manual sharing.
    • Record Owner
    • Having record full access

View All Data

  • This can be set at the profile level.
  • Users having this access will be able to see all the records.

Modify All Data

  • This can be set at the profile level.
  • Users having this access will be able to edit all the records.

UI Setup

List View: 

  • To frequently see the filtered data on object tab.
  • Sharing of list view can be managed

Global Action

  • Global action are used to perform some predefined action without leaving the current screen where user are currently working.
  • Action like create record, updating record, send email can be performed

Customization and Configuration in Salesforce Video

YouTube video

Twist Your Mind

  1. What happens to records owned by a user when a user is deactivated?
  2. Apex Hour uses Salesforce and wants to onboard five new users, who should have almost the same access in Salesforce apart from 1 user who needs edit access on account in addition to all the access the other four users have. As a system admin, how will you achieve this?
Amit Chaudhary
Amit Chaudhary

Amit Chaudhary is Salesforce Application & System Architect and working on Salesforce Platform since 2010. He is Salesforce MVP since 2017 and have 17 Salesforce Certificates.

He is a active blogger and founder of Apex Hours.

Articles: 466


  1. These sessions are awesome and very detail.
    “Twist Your Mind” is good.
    Will you be posting answers for these?
    Also please start the similar one for Developer also.

  2. 1. Even if we deactivate user, there won’t be any change in the records.
    2. Permission set best suits for the requirement.

  3. If we deactivate user, there won’t be any change in the record
    Create a Permission set for that one Single user to access the account while it can be avoided for other users to assign

  4. Thanks for insightful session with detailed explanation which covers all basic sections

    1) If we deactivated user, there will no change in records until user ownership transfer.. If user left organization, It will affected, ideally we transfer default Ownership for object Leads, Opportunity etc. to avoid further issues, Their manager can access records based on their access.

    2) Permission set can give additional access to user.

  5. To answer the twist your mind questions,
    1. Role Hierarchy can explain this issue. If the user is deactivated, anyone above that user in the Role Hierarchy will still have access. Then, they can reassign these records to a new user by Mass Transfer.
    2. I think it’s testing the Profile and Permission Set. In this case, you can add all multiple users under the same Profile. For the particular 1 User, you want to assign the Edit permission, add Assignment, and select the checkboxes next to the name you want to assign to the permission set.

    Thanks for the helpful workshop!

  6. NO change in the records on deactivating the user .
    . Permission set will be the best option .(going by least access method)

  7. Configuration and Setup | Salesforce Admin Certification Workshop DAY 2.

    nice session and information shared through both medium.. YouTube and website.. great work .

  8. Hi Amit,
    Thank you very much for “FREE Salesforce Admin Certification Training”. I completed “Day 2: Configuration and Setup” Session. It is really very helpful for new members who are willing to build their career in Salesforce like me. I am preparing for the Salesforce Admin certification exam under your guidance from Apexhours blog and YouTube channel.

  9. I have completed this session.

    What happened to records owned by a user, when a user is deactivated?
    Records will be available within the org and can be transfer to other users and then the assigned user will be the new owner of the records.

    Apex Hour uses Salesforce and want to onboard 5 new users, which should have the almost same access in Salesforce apart from 1 user who needs edit access on account in addition to all the access the other 4 users have. As a system admin, how will you achieve this?
    One profile with read access can we assigned to all users and then a permission set with edit access can be assigned to that one dedicated user.

  10. I have completed “FREE Salesforce Admin Certification Training”. “Day 2: Configuration and Setup” Session. It was a very nicely explained & detailed session for us,who are just newbie into the salseforce ecosystem. Thanks ApexHours for such an informative session

  11. Apexhours is really useful for novice SF person like for me. Now I am confident enough to take up the admin certification.
    Thanks a lot.

Leave a Reply

Your email address will not be published. Required fields are marked *